Kunai - library for analyzing Dalvik Executable Files (DEX)
https://farena.in/android/analysis/kunai-lib/
https://farena.in/android/analysis/kunai-lib/
Eduardo BlΓ‘zquez's Personal Webpage
Kunai, a library for analyzing Dalvik Executable Files
Kunai is a library for analyzing Dalvik Executable Files, this library is written in C++ for performance reasons
π3β€βπ₯1
Google Reverse Image Search Fix
Google lens is not too user friendly for investigations. But this tool will help you get back to the old Google Image Search.
(in case of problems, upload images to Postimages.org)
https://googlelens.imagesniper.eu/
#osint
Google lens is not too user friendly for investigations. But this tool will help you get back to the old Google Image Search.
(in case of problems, upload images to Postimages.org)
https://googlelens.imagesniper.eu/
#osint
β€3β€βπ₯1π1π₯1
β€4β€βπ₯2π2
ββWindows 11 Exploits
CVE-2023-24892, CVE-2023-33131, CVE-2022-30129, CVE-2023-33137, CVE-2023-33145, CVE-2023-33148, CVE-2022-30190.
https://github.com/nu11secur1ty/Windows11Exploits
#cve #cybersecurity #infosec
CVE-2023-24892, CVE-2023-33131, CVE-2022-30129, CVE-2023-33137, CVE-2023-33145, CVE-2023-33148, CVE-2022-30190.
https://github.com/nu11secur1ty/Windows11Exploits
#cve #cybersecurity #infosec
β€1β€βπ₯1
ββADHunt v2.0
A tool for enumerating Active Directory Enviroments looking for interesting AD objects, vulnerabilities, and misconfigurations. It currently uses a combination ldap queries and available tooling. It was built as a follow up to LinWinPwn.
https://github.com/Auto19/ADHunt
#infosec #pentesting #redteam
A tool for enumerating Active Directory Enviroments looking for interesting AD objects, vulnerabilities, and misconfigurations. It currently uses a combination ldap queries and available tooling. It was built as a follow up to LinWinPwn.
https://github.com/Auto19/ADHunt
#infosec #pentesting #redteam
ββIAMActionHunter
IAMActionHunter is an IAM policy statement parser and query tool aims to simplify the process of collecting and understanding permission policy statements for users and roles in AWS Identity and Access Management (IAM). Although its functionality is straightforward, this tool was developed in response to the need for an efficient solution during day-to-day AWS penetration testing.
https://github.com/RhinoSecurityLabs/IAMActionHunter
#cybersecurity #infosec #pentesting
IAMActionHunter is an IAM policy statement parser and query tool aims to simplify the process of collecting and understanding permission policy statements for users and roles in AWS Identity and Access Management (IAM). Although its functionality is straightforward, this tool was developed in response to the need for an efficient solution during day-to-day AWS penetration testing.
https://github.com/RhinoSecurityLabs/IAMActionHunter
#cybersecurity #infosec #pentesting
ββπ Unshackle
Open-source tool to bypass windows and linux passwords from bootable usb.
https://github.com/Fadi002/unshackle
#infosec #pentesting #redteam
Open-source tool to bypass windows and linux passwords from bootable usb.
https://github.com/Fadi002/unshackle
#infosec #pentesting #redteam
ββCVE-2023-27163
To assist in enumerating the webserver behind the webserver SSRF.
https://github.com/seanrdev/cve-2023-27163
#cve #cybersecurity #infosec
To assist in enumerating the webserver behind the webserver SSRF.
https://github.com/seanrdev/cve-2023-27163
#cve #cybersecurity #infosec
ββhypobrychium
AV/EDR completely ignore me. Duplicate the token of a running process and run a command.
https://github.com/foxlox/hypobrychium
#cve #cybersecurity #infosec
AV/EDR completely ignore me. Duplicate the token of a running process and run a command.
https://github.com/foxlox/hypobrychium
#cve #cybersecurity #infosec
To find information disclosure vulnerabilities change the headers
- Change the Accept header to:
- Also trying sending null byte like
GET /%00
If error handling is not done properly, reveals server version information, stack and route information
#bugbounty #bugbountytip
- Change the Accept header to:
- Also trying sending null byte like
GET /%00
If error handling is not done properly, reveals server version information, stack and route information
#bugbounty #bugbountytip
β€2
Tips for finding hardcoded credentials
Whenever you are searching for hardcoded credentails, don't forget to read "jquery.js" files as well. Sometime you might find 3rd party hardcoded credentials
#bugbountytips #hacking #infosec
Whenever you are searching for hardcoded credentails, don't forget to read "jquery.js" files as well. Sometime you might find 3rd party hardcoded credentials
#bugbountytips #hacking #infosec
π3
CSP-bypass techniques βοΈ
https://bhavesh-thakur.medium.com/content-security-policy-csp-bypass-techniques-e3fa475bfe5d
#bugbounty #bugbountytips
https://bhavesh-thakur.medium.com/content-security-policy-csp-bypass-techniques-e3fa475bfe5d
#bugbounty #bugbountytips
β€βπ₯2
200+books on info sec and cybersecurity. Feel free to download any and read.
LINK: https://drive.google.com/drive/u/0/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU
LINK: https://drive.google.com/drive/u/0/folders/12Mvq6kE2HJDwN2CZhEGWizyWt87YunkU
β€βπ₯6π1π₯1
MaxAI
Chrome extension for quick access to different #AI chatbots:
ChatGPT
Bard
Bing
Claude
OpenAI API
+ a lot of prompt templates for different tasks
https://www.maxai.me/
Chrome extension for quick access to different #AI chatbots:
ChatGPT
Bard
Bing
Claude
OpenAI API
+ a lot of prompt templates for different tasks
https://www.maxai.me/
β€3
β»οΈ What is SS7 βββ
Signalling System No. 7 (SS7) is a set of telephony signaling protocols developed in 1975, which is used to set up and tear down most of the worldβs public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.
SS7 consists of a set of reserved or dedicated channels known as signaling links. There are three kinds of network points signaling points: Service Switching Points (SSPs), Signal Transfer Points (STPs), and Service Control Points (SCPs). SSPs originate or terminate a call and communicate on the SS7 network with SCPs to determine how to route a call or set up and manage some special feature. Traffic on the SS7 network is routed by packet switches called STPs. SCPs and STPs are usually mated so that service can continue if one network point fails.
Signalling System No. 7 (SS7) is a set of telephony signaling protocols developed in 1975, which is used to set up and tear down most of the worldβs public switched telephone network (PSTN) telephone calls. It also performs number translation, local number portability, prepaid billing, Short Message Service (SMS), and other mass market services.
SS7 consists of a set of reserved or dedicated channels known as signaling links. There are three kinds of network points signaling points: Service Switching Points (SSPs), Signal Transfer Points (STPs), and Service Control Points (SCPs). SSPs originate or terminate a call and communicate on the SS7 network with SCPs to determine how to route a call or set up and manage some special feature. Traffic on the SS7 network is routed by packet switches called STPs. SCPs and STPs are usually mated so that service can continue if one network point fails.
π₯2β€βπ₯1π1
2FA Bypass techniques: ππ₯
1. Response Manipulation
In response if "success":false
Change it to "success":true
2. Status Code Manipulation
If Status Code is 4xx
Try to change it to 200 OK and see if it bypass restrictions
3. 2FA Code Leakage in Response
Check the response of the 2FA Code Triggering Request to see if the code is leaked.
4.JS File Analysis
Rare but some JS Files may contain info about the 2FA Code, worth giving a shot
5.2FA Code Reusability
Same code can be reused
6.Lack of Brute-Force Protection
Possible to brute-force any length 2FA Code
7.Missing 2FA Code Integrity Validation
Code for any user account can be used to bypass the 2FA
8.CSRF on 2FA Disabling
No CSRF Protection on disabling 2FA, also there is no auth confirmation
9. Password Reset Disable 2FA
2FA gets disabled on password change/email change
10.Backup Code Abuse
Bypassing 2FA by abusing the Backup code feature
Use the above mentioned techniques to bypass Backup Code to remove/reset 2FA reset restrictions
11.Clickjacking on 2FA Disabling Page
Iframing the 2FA Disabling page and social engineering victim to disable the 2FA
12.Iframing the 2FA Disabling page and social engineering victim to disable the 2FA
If the session is already hijacked and there is a session timeout vulnerbility
13.Bypass 2FA with null or 000000
Enter the code 000000 or null to bypass 2FA protection.
Steps:-
1. Enter βnullβ in 2FA code
2. Enter 000000 in 2FA code
3. Send empty code - Someone found this in grammarly
4. Open new tab in same browser and check if other API endpoints are accessible without entering 2FA
14. Google Authenticator Bypass
Steps:-
1) Set-up Google Authenticator for 2FA
2) Now, 2FA is enabled
3) Go on password reset page and change your password
4) If you are website redirect you to your dashboard then 2FA (Google Authenticator) is bypassed
15. Bypassing OTP in registration forms by repeating the form submission multiple times using repeater
Steps :-
1) Create an account with a non-existing phone number
2) Intercept the Request in BurpSuite
3) Send the request to the repeater and forward
4) Go to Repeater tab and change the non-existent phone number to your phone number
5) If you got an OTP to your phone, try using that OTP to register that non-existent number
1. Response Manipulation
In response if "success":false
Change it to "success":true
2. Status Code Manipulation
If Status Code is 4xx
Try to change it to 200 OK and see if it bypass restrictions
3. 2FA Code Leakage in Response
Check the response of the 2FA Code Triggering Request to see if the code is leaked.
4.JS File Analysis
Rare but some JS Files may contain info about the 2FA Code, worth giving a shot
5.2FA Code Reusability
Same code can be reused
6.Lack of Brute-Force Protection
Possible to brute-force any length 2FA Code
7.Missing 2FA Code Integrity Validation
Code for any user account can be used to bypass the 2FA
8.CSRF on 2FA Disabling
No CSRF Protection on disabling 2FA, also there is no auth confirmation
9. Password Reset Disable 2FA
2FA gets disabled on password change/email change
10.Backup Code Abuse
Bypassing 2FA by abusing the Backup code feature
Use the above mentioned techniques to bypass Backup Code to remove/reset 2FA reset restrictions
11.Clickjacking on 2FA Disabling Page
Iframing the 2FA Disabling page and social engineering victim to disable the 2FA
12.Iframing the 2FA Disabling page and social engineering victim to disable the 2FA
If the session is already hijacked and there is a session timeout vulnerbility
13.Bypass 2FA with null or 000000
Enter the code 000000 or null to bypass 2FA protection.
Steps:-
1. Enter βnullβ in 2FA code
2. Enter 000000 in 2FA code
3. Send empty code - Someone found this in grammarly
4. Open new tab in same browser and check if other API endpoints are accessible without entering 2FA
14. Google Authenticator Bypass
Steps:-
1) Set-up Google Authenticator for 2FA
2) Now, 2FA is enabled
3) Go on password reset page and change your password
4) If you are website redirect you to your dashboard then 2FA (Google Authenticator) is bypassed
15. Bypassing OTP in registration forms by repeating the form submission multiple times using repeater
Steps :-
1) Create an account with a non-existing phone number
2) Intercept the Request in BurpSuite
3) Send the request to the repeater and forward
4) Go to Repeater tab and change the non-existent phone number to your phone number
5) If you got an OTP to your phone, try using that OTP to register that non-existent number
π6